Ghiro is a digital image forensics tool.
Fully automated and open source.

What is Ghiro

Ghiro is a fully automated tool designed to run forensics analysis over a massive amount of images, just using an user friendly and fancy web application.

Developer

Alessandro Tanasi jekil

Lead developer. He thinks in terms of architectural design, database relationships and inter processes communications. He strongly belive the core of things(TM) is developed in scripting language.

Developer

Marco Buoncristiano burlone

User experience and design architect. He does not sleep until he has killed the last bug . He makes use of a complicated tool an experience easy and enjoyable, like a beautiful dream.

Download

The stable branch follows the last stable release but provide faster bug fixes, so it is pretty the same of downloading the stable package above. This is suggest only for advanced users. You can download the code with the following command:
git clone https://github.com/ghirensics/ghiro.git

Stable release package
Latest Ghiro stable release can be downloaded using the button on the right.
Stable package is available in both .zip and .tar.gz format. This is strongly suggested for all users.



Virtual Appliance
The faster way to start playing with Ghiro is to download the Ghiro Virtual Appliance. In few minutes you will have a fully functional Ghiro setup to start to analyze your images.
The ZIP contains an OVA file, you have to import in your virtualization software (like VirtualBox or VMWare) and configure the networking as explained in the README.txt.

Main features

All Ghiro features can be controlled via web interface. You can upload images, bunch of images, navigate reports, get a quick or deep overview of images analysis. You can group images in cases, search for any kind of analysis data, search photo near a GPS location, administer users, view all images in the system.

Metadata extraction

Metadata are divided in several categories depending on the standard they come from. Image metadata are extracted and categorized. For example: EXIF, IPTC, XMP.

GPS Localization

Embedded in the image metadata sometimes there is a geotag, a bit of GPS data providing the longitude and latitude of where the photo was taken, it is read and the position is displayed on a map.

MIME information

The image MIME type is detected to know the image type your are dealing with, in both contacted (example: image/jpeg) and extended form.

Error Level Analysis

Error Level Analysis (ELA) identifies areas within an image that are at different compression levels. The entire picture should be at roughly the same level, if a difference is detected, then it likely indicates a digital modification.

Thumbnail extraction

The thumbnails and data related to them are extracted from image metadata and stored for review.

Thumbnail consistency

Sometimes when a photo is edited, the original image is edited but the thumbnail not. Difference between the thumbnails and the images are detected.

Signature engine

Over 120 signatures provide evidence about most critical data to highlight focal points and common exposures.

Hash matching

Suppose you are searching for an image and you have only the hash. You can provide a list of hashes and all images matching are reported.

We belive in open source, automated, scalable, customizable software and beautiful design. We plan image forensics easier than ever.

Ready to try Ghiro?

Join the community

Ghiro is an Open Source project, we are a group of volunteers and all project's expenses are covered by us. Your financial contribution will support the maintenance, improvement, and promotion of Ghiro and it is a way of ensuring the longevity and overall health of the project.

IRC chat

IRC channel on Freenode Server:
irc.freenode.net
Channel:
#ghiro

Donations

PayPal Donation
BitCoin Donation

Community

Ghiro is an Open Source project, we are a group of volunteers and all project's expenses are covered by us. Your financial contribution will support the maintenance, improvement, and promotion of Ghiro and it is a way of ensuring the longevity and overall health of the project.